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Members: 

Ailsa Beaton (chair) Non-Executive Director 

Roger Barlow Independent Audit Committee member 
Jane McCall Non-Executive Director 

Attendees: 

ICO 

Paul Arnold Deputy Chief Executive Officer 

Louise Byers Director of Risk and Governance 
Andrew Hubert Director of Resources 

Joanne Butler Head of Risk and Governance 


Internal Auditors 
Peter Cudlip Mazars 
Darren Jones Mazars 


External Auditors 


Robert Buysman National Audit Office 

David Eagles BDO 

Secretariat 

Chris Braithwaite Senior Corporate Governance Manager 
Caroline Robinson Corporate Governance Officer 


1. Introductions and apologies 


1.1. Apologies were received from Elizabeth Denham and Sid 
Sidhu. 


2. Declaration of interests 
2.1 There were no declarations made. 
3. Matters arising from the previous meeting 


3.1 The minutes from the previous meeting were agreed and 
there were no outstanding actions. 


4. Deputy Chief Executive Officer’s update 


4.1 


4.2 


Paul Arnold provided an update on matters relating to the 
ICO’s work including the EU exit and the adequacy bridge, the 
constitutional and spending reviews, the recruitment of a new 
Information Commissioner and Elizabeth Denham’s 
appearance in front of the DCMS Select Committee on 
Tuesday 26 January. 


It was confirmed that, with regard to the Companies House 
Campaign, we are able to demonstrate that we are being 
sensitive to the impact of COVID19 on companies. 


5. Risk and Opportunity Management 


5.1 


5.2 


5.3 


Louise Byers presented the report outlining the updates to the 
risk and opportunity register as a result of the recent review 
by the Risk and Governance Board. 


The Committee considered whether there is the need for a 
new risk in relation to changes to the senior leadership of the 
ICO. It was agreed that this area is closely linked to the 
existing risk R88; Future role of the ICO. 


Action: Corporate Governance to review R88 (or other risks) 
to ensure that they cover internal changes as well as external 
factors. 


The Committee requested a deep dive into the assurance that 
the ICO had in place around compliance risk. It was agreed 
that this report should be produced on an annual basis to be 
considered by the Committee in April. This would allow the 
Audit Committee to be assured about compliance prior to it 
agreeing that the Commissioner should sign the 
representation letter to the NAO. 


Action: Report on Compliance Assurance to come to April 
meeting. 


6. Business Continuity Policy 


6.1 


6.2 


The Business Continuity report and policy were presented for 
information and assurance. It was confirmed that Mazars will 
be conducting an advisory audit on business continuity, 
commencing 1 February 2021. 


The Committee were assured by the report and policy and 
thanked Joanne Butler for her hard work in this area. 


7. Board Succession Planning 


Fal 


7.2 


Louise Byers presented the report which sets out the 
approach to Board level succession planning. The report was 
presented for information and assurance. 


The Committee discussed diversity of the Board members and 
the senior leadership team. It was agreed that there are a 
number of programmes that are available to help widening 
the applicant pool for senior leadership roles. Paul Arnold 
noted that the recent Executive Team recruitment campaign 
had resulted in a diverse candidate pool. However, while the 
outcomes of this had increased diversity at Executive Team 
level, there remained work to do, particularly in relation to 
increasing BAME representation at senior levels. 


8. Finance 


8.1 


8.2 


8.3 


8.4 


8.5 


Andrew Hubert presented the Quarter 3 budget review. 
Taking into account the current fee income and the revised 
expenditure, it was highlighted that there is a potential 
surplus of £1 million forecast for the end of the financial year. 
He explained that while some of this surplus was due to spend 
being deferred to the following year, fee income projects were 
such that management did not think this was creating a risk. 


Andrew Hubert presented the report updating on Accounting 
Standards and confirmed that there are no changes in 
accounting standards that will impact the year end accounts. 


A report was presented to the Audit Committee to seek a 
decision regarding whether the ICO should produce a trust 
statement alongside the accounts. 


Treasury and DCMS have agreed that there is no requirement 
for a Trust Statement from the ICO, however the Committee 
may wish to consider whether the ICO incorporate a Trust 
Statement into our financial reporting. 


It was agreed that it would be preferable to produce a trust 
statement, as best practice, and to improve transparency on 
how the finances are managed. 


Action: Andrew Hubert to liaise with the external auditors to 
develop a trust statement and circulate an update on 
timescales to the Committee. The format for the trust 
statement to be agreed before the Committee’s next meeting. 
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8.6 The Audit Committee noted the procurement awards report. 


9. Internal Audit 


9.1 Peter Cudlip presented the progress report showing that the 
audits are on track to the end of the year. 


9.2 There were no issues raised. 
10. Outstanding Audit Recommendations 


10.1 Christopher Braithwaite provided an update on the workforce 
planning model recommendation and confirmed that this is 
now complete. The model had been agreed by the Board at 
the November meeting. 


10.2 All actions from Stakeholder Management have been 
completed. 


10.3 The Committee were assured that the action owners have 
been informed that recommendations should be completed by 
31 March 2021 where applicable. 


10.4 It was highlighted that it would be helpful for Stakeholder 
Management to be revisited and added to the internal audit 
plan for next year. 


Action: Corporate Governance to ask for updates on the 
outstanding actions on a regular basis leading up to 31 March 
2021. 


11. External Audit 


11.1 Robert Buysman confirmed that BDO will be delivering the 
external audit this year and highlighted that this will be the 
final year for BDO under the current contractual 
arrangements. 


11.2 He highlighted the additional areas of audit focus this year, 
which will include post Brexit activity and a new audit 
standards requirement to assess the ICO as a going concern. 
David Eagles confirmed that going concern was an additional 
area of focus solely because of the new audit standards 
requirement, not due to any concerns about the ICO as a 
going concern. 


11.3 The Committee and staff present confirmed that they are not 
aware of any issues relating to oversight of internal controls 
and counter fraud. 


12. Annual Report Timetable 


12.1 Louise Byers presented the timetable for the annual report, 
which takes account of the lessons learnt last year in 
delivering the report on time and includes the Remuneration 
Advisory Panel, to ensure they are involved in the process. 


12.2 She explained that the ICO was currently producing a 
separate report to Parliament on our work on COVID19, and 
planned to publish a report on the achievement of the 
Information Rights Strategic Plan, to coincide with the end of 
the Commissioner’s term. 


13. Security Report 


13.1 Louise Byers presented the report, highlighting that there has 
been a decrease of security incidents within the reporting 
period compared to the previous year. We are continuing to 
see improvements in how the systems are being used. 


13.2 Mandatory Information Rights Training was undertaken by all 
staff in December. 


13.3 Louise Byers confirmed that lessons learned exercises are 
conducted relating to all disclosures and pro-active training is 
provided members of staff. There are a number of technical 
systems also in place to help reduce accidental disclosures. 


14. Fraud and whistleblowing incidents 


14.1 The Committee noted the report confirming that there were 
no incidents reported in the quarter. 


15. Internal Audit Procurement 


15.1 Mazars and the External auditors left the meeting for this 
item. 


15.2 Louise Byers provided an update on the procurement and 
presented the report outlining the proposed next steps. The 
Committee were asked to confirm the preferred approach for 
the internal audit. 


15.3 The Committee agreed to take the direct award approach as 
outlined in the report. 


